public $format_html = 'table';
public $format_html_ua_exp = '/^\S+\s+.Windows|iPhone|Android|Macintosh|Linux/';
+ public $hide_keys_exp = 'PHP_AUTH_DIGEST|PHP_AUTH_PW|PHP_AUTH_USER|REMOTE_PASSWORD|Authorization|HTTP_AUTHORIZATION';
+ public $hide_keys_value = '****************';
+
public $uri;
public $uri_params;
public $param_args_sep = '|';
'format_html_ua_exp'
] as $k) {
$env = 'DBQ_'.strtoupper($k);
+
if (isset($_SERVER[$env])) $this->$k = $_SERVER[$env];
}
$run = isset($opt['run']) ? $opt['run'] : false;
unset($opt['run']);
+ // Format perm into int value
+ $perm = strtolower($this->perm);
+ if (isset($this->perms[$perm])) {
+ $this->perm = $this->perms[$perm];
+ }
+
parent::__construct($opt);
//
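Review bot: An unrecognised permission name is left in `$this->perm` unchanged, because the added lookup only handles the case where `$this->perms[$perm]` exists. Later checks such as `$this->perm < self::ADMIN` then compare a string with what is presumably an integer constant, and on PHP 8 a non-numeric string is compared as a string rather than as 0, so a typo in the configured value may not rank below ADMIN. Fail closed in an else branch, for example `elseif (!is_numeric($this->perm)) throw new InvalidArgumentException('unknown perm');`. The normalisation also runs before `parent::__construct($opt)`, so a perm supplied through `$opt` would presumably not be converted; the constructor starts and ends outside this hunk, so confirm the order there.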
];
$this->page->js_code = 'window._dbq = '.json_encode($this->json);
- list($title,$nav) = $this->title_nav();
- $this->page->title = join($this->sep_title,$title);
- $this->page->nav = $nav;
+ if (is_scalar($obj) and $obj != 'logout') {
+ list($title,$nav) = $this->title_nav();
+ $this->page->title = join($this->sep_title,$title);
+ $this->page->nav = $nav;
+ }
$this->page->body_class = ''
.(empty($this->params['db']) ? '' : ' db-'.$this->params['db'])
.(empty($this->params['table']) ? '' : ' table-'.$this->params['table'])
.(empty($this->params['action']) ? ' action-'.self::PARAM_DB_DEFAULT : ' action-'.$this->params['action'])
+
;
$this->page->begin();
}
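Review bot: The new guard `is_scalar($obj) and $obj != 'logout'` skips the title and nav for every non-scalar `$obj`, not only for the logout page. The call sites visible elsewhere in this diff pass `$this` or an array as the first argument (`$this->page($this,'logout')`, `$this->page($rows)`), so as written those pages would lose their title and nav as well. If only logout should be excluded, test the argument that actually carries the page name, with a strict comparison (`!== 'logout'`). The function signature is outside the hunk, so which parameter holds `'logout'` needs confirming.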
and ( strpos('table view',$this->table->type()) !== false )
);
}
+
public function table_rows($fct=null) {
$this->db->limit = $this->limit();
return $this->db->ssha_password($password);
}
+ public function perm2h() {
+ foreach ($this->perms as $k => $v) {
+ if ( strtolower($this->perm) === strtolower($v) ) return $k;
+ }
+ return $this->perm;
+ }
+
public function status() { #$this->perm--;
$rows = [];
'addr',
'port',
'software',
+ 'remote_user',
] as $k) {
if ($this->perm < self::ADMIN and $k == 'software') continue;
$rows[] = [ 'name' => 'server.'.$k, 'value' => $v ];
}
+ // User
+ if ($user = $this->logged()) {
+ $rows[] = [ 'name' => 'user.name', 'value' => $user ];
+ $rows[] = [ 'name' => 'user.perm', 'value' => $this->perm2h() ];
+ }
+
// Client headers
- foreach ($this->client_header() as $k=>$v) $rows[] = [
- 'name' => 'client.header.'.$k,
- 'value' => ( is_scalar($v) ? $v : json_encode($v) ),
- ];
+ foreach ($this->client_header() as $k=>$v) {
+ if ( preg_match('/^(' . $this->hide_keys_exp . ')$/', $k)) $v = $this->hide_keys_value;
+
+ $rows[] = [
+ 'name' => 'client.header.'.$k,
+ 'value' => ( is_scalar($v) ? $v : json_encode($v) ),
+ ];
+ }
// Admin or bye !
- if ($this->perm < self::ADMIN) return $rows;
+ #if ($this->perm < self::ADMIN) return $rows;
/*
// Headers sent
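Review bot: The mask `preg_match('/^(' . $this->hide_keys_exp . ')$/', $k)` is an exact, case-sensitive match against six names, so credential-bearing headers outside that list still reach the status table in clear. Depending on how `client_header()` names its keys, `Cookie`, `Proxy-Authorization` or a lower-cased `authorization` would not be covered, and in the `_SERVER`/`_REQUEST` dump hunk the `^` anchor lets prefixed variants such as `REDIRECT_HTTP_AUTHORIZATION` and `HTTP_COOKIE` through. Consider adding the `i` flag and extending the default list, or inverting the logic so only known-safe keys are shown and a new secret header is hidden by default. The expression is reused in the phpinfo and `_SERVER`/`_REQUEST` hunks with different anchoring (the trailing `$` is missing in the latter); one shared helper for the match would keep the three call sites consistent.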
// Machine
#if ($this->perm >= self::ADMIN) {}
if (function_exists('posix_uname')) {
- foreach (posix_uname() as $k=>$v) {
+ foreach (posix_uname() as $k => $v) {
+ if ($k == 'domainname' and $v == '(none)') continue;
$rows[] = [ 'name' => 'posix.uname.'.$k, 'value' => $v ];
}
}
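Review bot: With the early return `if ($this->perm < self::ADMIN) return $rows;` commented out, everything below it in status() is now produced for every permission level, including the `posix_uname()` rows in this hunk (kernel release, node name, machine type). The only remaining guard here is the commented stub `#if ($this->perm >= self::ADMIN) {}`. If the intent was to show the new user rows to non-admins, keep the gate and place it after the user block, or guard the machine section directly: `if ($this->perm >= self::ADMIN and function_exists('posix_uname')) {`. status() continues outside the visible lines, so check what else follows the removed return.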
if ($p['value'] and !$this->str_match($value,$p['value'])) continue;
if ($p['section'] and !$this->str_match($_section,$p['section'])) continue;
+ if ($_section == 'PHP_VARIABLES'
+ and preg_match('/^(.?_SERVER\[.)?(.' . $this->hide_keys_exp . ')(.\])?$/', $name)
+ ) {
+ $value = $this->hide_keys_value;
+ }
+
$rows[] = [
'section' => $_section,
'name' => $name,
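Review bot: In `'/^(.?_SERVER\[.)?(.' . $this->hide_keys_exp . ')(.\])?$/'` the `.` placed before the interpolated list binds only to the first alternative, so the group becomes `(.PHP_AUTH_DIGEST|PHP_AUTH_PW|…)`. Because the optional prefix group already consumes the quote character, a name of the form `$_SERVER['PHP_AUTH_DIGEST']` does not match and its value would be shown unmasked, while the other keys still match. Drop the stray dot and give the list its own group: `'/^(.?_SERVER\[.)?(?:' . $this->hide_keys_exp . ')(.\])?$/'`. The check is also limited to `$_section == 'PHP_VARIABLES'`, so the same credential appearing under another phpinfo section (an environment or request-header section, for example) is presumably not masked; the section names are defined outside this hunk.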
}
+ public function logged() {
+ if (!empty($_SERVER['PHP_AUTH_USER'])) return $_SERVER['PHP_AUTH_USER'];
+ if (!empty($_SERVER['REMOTE_USER'])) return $_SERVER['REMOTE_USER'];
+ return '';
+ }
+
+ public function logout() {
+
+ if (0) {
+ unset($_SERVER["PHP_AUTH_DIGEST"]);
+ unset($_SERVER['PHP_AUTH_PW']);
+ unset($_SERVER['PHP_AUTH_USER']);
+ unset($_SERVER['REMOTE_PASSWORD']);
+ unset($_SERVER['REMOTE_USER']);
+
+ #header('Content-type: text/html');
+ if (empty($_REQUEST['realm'])) header('WWW-Authenticate: Basic');
+ else header('WWW-Authenticate: Basic realm="'.$_REQUEST['realm'].'"');
+
+ header('HTTP/1.1 401 Access Denied');
+ header('HTTP/1.1 401 Unauthorized');
+ }
+
+ if (1) echo <<<EOF
+<script type="text/javascript">
+document.addEventListener("DOMContentLoaded", function(event){
+function dbq_logout(referrer='') {
+
+ if (referrer == '') referrer = document.referrer;
+ var userAgent = navigator.userAgent.toLowerCase();
+
+ if (userAgent.indexOf("msie") != -1) {
+ document.execCommand("ClearAuthenticationCache", false);
+ }
+
+ var http;
+ if (window.XMLHttpRequest) {
+ http = new XMLHttpRequest();
+ } else if(window.ActiveXObject) {
+ http = new ActiveXObject("Microsoft.XMLHTTP");
+ } else {
+ alert ("Your browser is too old, please close your browser to logout.");
+ return false;
+ }
+
+ /*
+ if (referrer) document.location = referrer;
+ return;
+ */
+ var url = '/logout/';
+ http.open("GET", url, true, '\\0', 'password');
+ http.onload = function() {
+ if (!this.status || this.readyState != 4) return;
+ if (referrer) document.location = referrer;
+ };
+ http.send();
+
+}
+
+dbq_logout();
+});
+</script>
+EOF;
+
+ #exit;
+ }
+
public function run_root() {
$action = $this->params['db'];
if (!$action and self::PARAM_DB_DEFAULT) $action = self::PARAM_DB_DEFAULT;
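Review bot: logout() no longer does anything on the server: the 401 challenge sits under `if (0)`, and the live branch only emits a script that sends throw-away credentials to `/logout/` so that the browser overwrites its cached Basic credentials. That behaviour is browser-dependent and needs JavaScript, so a user can be shown a logout page while the browser keeps sending valid credentials; make sure `/logout/` answers the throw-away credentials with a 401, and tell the user to close the browser whenever the request cannot be made, not only in the no-XHR branch. The hard-coded `/logout/` also ignores any base path the application is mounted under. If the `if (0)` block is kept for later use, note that it copies `$_REQUEST['realm']` into the `WWW-Authenticate` header unescaped; delete the dead branch or restrict the realm to a fixed value.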
});
} elseif ($action == 'logout') {
- unset($_SERVER['PHP_AUTH_USER']);
- unset($_SERVER['PHP_AUTH_PW']);
- unset($_SERVER['REMOTE_USER']);
- unset($_SERVER['REMOTE_PASSWORD']);
- unset($_SERVER["PHP_AUTH_DIGEST"]);
- #header('Content-type: text/html');
- if (empty($_REQUEST['realm'])) header('WWW-Authenticate: Basic');
- else header('WWW-Authenticate: Basic realm="'.$_REQUEST['realm'].'"');
- header('HTTP/1.1 401 Access Denied');
- header('HTTP/1.1 401 Unauthorized');
- if (0) echo <<<EOF
-<!DOCTYPE html>
-<html>
-<head>
-<title>401</title>
-<script type="text/javascript">
-function logout(url){
- var str = url;
- str = str.replace("http://", "http://" + new Date().getTime() + "@");
- str = str.replace("https://", "https://" + new Date().getTime() + "@");
- var xmlhttp = (window.XMLHttpRequest ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP"));
- xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState==4) location.reload(); };
- xmlhttp.open("GET",str,true);
- xmlhttp.setRequestHeader("Authorization","Basic YXNkc2E6");
- xmlhttp.send();
- return false;
-}
-</script>
-</head>
-</html>
-EOF;
- #echo '<html><head><title>401 Unauthorized</title><script type="text/javascript">var a,b="You should be logged out now.";try{a=document.execCommand("ClearAuthenticationCache")}catch(d){}a||((a=window.XMLHttpRequest?new window.XMLHttpRequest:window.ActiveXObject?new ActiveXObject("Microsoft.XMLHTTP"):void 0)?(a.open("HEAD",c||location.href,!0,"logout",(new Date).getTime().toString()),a.send(""),a=1):a=void 0);a||(b="Your browser is too old or too weird to support log out functionality. Close all windows and restart the browser.");alert(b)})</script></head></html>';
- #javascript:(function(c){var a,b="You should be logged out now.";try{a=document.execCommand("ClearAuthenticationCache")}catch(d){}a||((a=window.XMLHttpRequest?new window.XMLHttpRequest:window.ActiveXObject?new ActiveXObject("Microsoft.XMLHTTP"):void 0)?(a.open("HEAD",c||location.href,!0,"logout",(new Date).getTime().toString()),a.send(""),a=1):a=void 0);a||(b="Your browser is too old or too weird to support log out functionality. Close all windows and restart the browser.");alert(b)})(/*pass safeLocation here if you need*/);uI#
- #echo '<html><head><title>401 Unauthorized</title><meta http-equiv="refresh" content="1"></head><body><h1>401 Unauthorized</h1><p>You are not allowed to see this page. Reload the page to try again.</p></body></html>';
- #if (empty($_REQUEST['user'])) header('Location: '.str_replace('//','//'.$_REQUEST['user'].'@',(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/')));
- #header('Location: '.(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/'));
- echo '<meta http-equiv="refresh" content="0; url='.(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/').'">';
- #if (!empty($_SERVER['PHP_AUTH_USER'])) header('Location: '.str_replace('//','//@',(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/')));
- exit;
+
+ #$this->logout();
+ $this->page($this,'logout');
} elseif ($action == 'ssha_password') {
$this->page($this,'ssha_password');
$this->rows_table($action,$this->phpinfo_rows());
#$this->page(['phpinfo'=>$this->page->phpinfo(true)]);
#$this->page($this->page->phpinfo());
- $this->page($this,'phpinfo_rows');
+ #$this->page($this,'phpinfo_rows');
#$this->phpinfo_rows();
} elseif (0
or $action == '_SERVER'
or $action == '_REQUEST'
) {
- $rows = []; foreach ($GLOBALS[$action] as $k=>$v) $rows[] = [
- 'name' => $k,
- 'value' => ( is_scalar($v) ? $v : json_encode($v) ),
- ];
+ $rows = [];
+ foreach ($GLOBALS[$action] as $k=>$v) {
+ if (preg_match('/^(' . $this->hide_keys_exp . ')/', $k)) $v = $this->hide_keys_value;
+ $rows[] = [
+ 'name' => $k,
+ 'value' => ( is_scalar($v) ? $v : json_encode($v) ),
+ ];
+ }
$this->page($rows);
}